7982a8dd7cbafc7dc7bb0987276aa883c347ff496d9dfb5ec0852bc49d03b8bc

Analysis

max time kernel
142s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/10/2024, 11:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

104.3MB
MD5

7fa83fe4857eaaf6fc6db9297c844038
SHA1

2a327cb8fbfd1273c18947817899dd98affe0051
SHA256

933ade515e0f2d50619c89a7db18a898e6029448437ce72d6306fe67e269b507
SHA512

b61ecf63897e0fb48d1a732cd4bb5537d3e6f6ada31a6011c12ffe1516cadc68a4e1cf1f806c735d127282ca2528b9b373976ddb0baefacdfcad4163f00f6db0
SSDEEP

1572864:0X+S+V9LyN0C1qh6maqmmRoF+dnQ6dkkGFinQ6dkkGFinQYPcAtjTDhlHYxZGf8A:0X+p3uN0CaFlQ9FiQ9FiQYEAlHQZGf8A

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4992	Setup.exe
4992	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsmA45F.tmp\InstallOptions.dll

Filesize
15KB

MD5
d1eefb07abc2577dfb92eb2e95a975e4

SHA1
0584c2b1807bc3bd10d4b60d2d23eeb0e6832ca2

SHA256
89dd7d646278d8bfc41d5446bdc348b9a9afaa832abf02c1396272bb7ac7262a

SHA512
eaffd9940b1df59e95e2adb79b3b6415fff5bf196ebea5fe625a6c52e552a00b44d985a36a8dd9eb33eba2425ffea4244ed07a75d87284ff51ec9f9a5e1ac65e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmA45F.tmp\ioSpecial.ini

Filesize
1024B

MD5
e7199a39f0f82196968ff2377c72038d

SHA1
1de8a8dc7598ffc43db4e773a592892b01a374ba

SHA256
af4422c8c6979dbc7228a658ff3763a5920706f251aa396e4133879660dab0e3

SHA512
56a6699488079acc12900b8a529ac2b9c3cc67901aef2bf3d954438aead44826ec02f4010fb62eb325299479cde094c0453698241a57328452473a3390fa001a

Download Submit